more detail and summary of kod.c (igmp bug for windows)

From: klepto (kleptoat_private)
Date: Wed Jul 14 1999 - 22:32:08 PDT


    Ok,
    here we go again..
    For those who are having trouble with kod, a lot of you are using a very old version which was the first I submitted.
    Inserted is the latest version which should work. I wrote kod.c aka cherrycoke.c about 3-4 months ago.
    It sends a fragmented igmp packet to a windows client that states that it is not fragmented but there are more frags to come.
    Windows assembles the packets and dies trying. Here is a dump of the packet if you want to rewrite it.
    
    /* output via tcpdump or windump95
    63.66.66.44 > 24.128.158.18: igmp-2 [v0][|igmp] (frag 52242:1480@0+) (ttl 128)
    63.66.66.44 > 24.128.158.18: (frag 52242:1480@1480+) (ttl 128)
    63.66.66.44 > 24.128.158.18: (frag 52242:1480@2960+) (ttl 128)
    63.66.66.44 > 24.128.158.18: (frag 52242:1480@4440+) (ttl 128)
    63.66.66.44 > 24.128.158.18: (frag 52242:1480@5920+) (ttl 128)
    63.66.66.44 > 24.128.158.18: (frag 52242:1480@7400+) (ttl 128)
    63.66.66.44 > 24.128.158.18: (frag 52242:1480@8880+) (ttl 128)
    63.66.66.44 > 24.128.158.18: (frag 52242:1480@10360+) (ttl 128)
    63.66.66.44 > 24.128.158.18: (frag 52242:1480@11840+) (ttl 128)
    63.66.66.44 > 24.128.158.18: (frag 52242:1480@13320+) (ttl 128)
    63.66.66.44 > 24.128.158.18: (frag 52242:1480@14800+) (ttl 128)
    63.66.66.44 > 24.128.158.18: (frag 52242:120@16280) (ttl 128)
    */
    
    ::notice the last frag it changed length..
    
    I have also ported kod to windows and please email me if you want a copy of it.
    
    As far as I can tell due to my exhaustive research on the subject it works on 95/98/98se/2k(some betas)
    
    Friends of mine such as defile/nyt/ignitor/etc have rewritten kod to suit their needs..
    
    I have tested kod.c out a lot on many machines and it works 85% of the time for me.
    There are circumstances to why kod doesn't always work, some routers may drop igmp packets if
    the source isn't local so try spoofing =). As far as I can see netcom and a lot of .ca servers drop the kod packets.
    So please don't bark at me =) I just found the bug, wrote the code and what you do with it is your concern =).
    
    
    Patch:
    (no hotfix currently)
    If you want to protect yourself from kod.c I suggest you get winroute from www.winroute.com
    get version 4.. It automatically drops igmp packets incoming and outgoing ha =)
    It is also a very good portmapper/NAT firewall/ip masqer as well..
    
    Shoutouts: amputee/ignitor/nizda/antibyte/codelogic/ill`/chord/cheesebal/traveler/winx/naz/dist/mrcide/etc...
    (gotta give shoutouts)
    
    hasta,
    
    klepto@Efnet
    or kleptoat_private
    de omnibus dubitandum
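
Added example, not part of klepto's post or of kod.c: a defender-side check in Python that regroups the tcpdump fragment lines quoted above by source, destination and IP id, and reports each fragmented IGMP datagram with its fragment count and reassembled size. The function name and the rule that any fragmented IGMP datagram is flagged are assumptions of this example.

```python
import re
from collections import defaultdict

# The tcpdump lines quoted in the post, with the wrapped first line rejoined.
SAMPLE = """\
63.66.66.44 > 24.128.158.18: igmp-2 [v0][|igmp] (frag 52242:1480@0+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@1480+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@2960+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@4440+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@5920+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@7400+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@8880+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@10360+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@11840+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@13320+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@14800+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:120@16280) (ttl 128)
"""

FRAG = re.compile(r"(\S+) > (\S+): (.*?)\(frag (\d+):(\d+)@(\d+)(\+?)\)")

def fragmented_igmp(text):
    """Return one summary per fragmented IGMP datagram seen in tcpdump text."""
    groups = defaultdict(lambda: {"proto": "", "frags": []})
    for line in text.splitlines():
        m = FRAG.match(line.strip())
        if not m:
            continue  # not a fragment line
        src, dst, desc, ip_id, length, offset, more = m.groups()
        g = groups[(src, dst, int(ip_id))]
        if int(offset) == 0 and desc.strip():
            g["proto"] = desc.split()[0]  # only the first fragment names the protocol
        g["frags"].append((int(offset), int(length), more == "+"))
    alerts = []
    for (src, dst, ip_id), g in groups.items():
        frags, end, contiguous = sorted(g["frags"]), 0, True
        for off, ln, _ in frags:
            contiguous = contiguous and off == end  # a gap or overlap clears this
            end = max(end, off + ln)
        # Assumption: IGMP messages fit in one packet, so any fragmentation is flagged.
        if g["proto"].startswith("igmp"):
            alerts.append({"src": src, "dst": dst, "id": ip_id, "fragments": len(frags),
                           "bytes": end, "contiguous": contiguous,
                           "final_seen": not frags[-1][2]})
    return alerts

if __name__ == "__main__":
    for alert in fragmented_igmp(SAMPLE):
        print(alert)
```
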
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:52:24 PDT